8 May 2012 Scalable wavelet-based active network detection of stepping stones
Author Affiliations +
Network intrusions leverage vulnerable hosts as stepping stones to penetrate deeper into a network and mask malicious actions from detection. Identifying stepping stones presents a significant challenge because network sessions appear as legitimate traffic. This research focuses on a novel active watermark technique using discrete wavelet transformations to mark and detect interactive network sessions. This technique is scalable, resilient to network noise, and difficult for attackers to discern that it is in use. Previously captured timestamps from the CAIDA 2009 dataset are sent using live stepping stones in the Amazon Elastic Compute Cloud service. The client system sends watermarked and unmarked packets from California to Virginia using stepping stones in Tokyo, Ireland and Oregon. Five trials are conducted in which the system sends simultaneous watermarked samples and unmarked samples to each target. The live experiment results demonstrate approximately 5% False Positive and 5% False Negative detection rates. Additionally, watermark extraction rates of approximately 92% are identified for a single stepping stone. The live experiment results demonstrate the effectiveness of discerning watermark traffic as applied to identifying stepping stones.
© (2012) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Joseph I. Gilbert, Joseph I. Gilbert, David J. Robinson, David J. Robinson, Jonathan W. Butts, Jonathan W. Butts, Timothy H. Lacey, Timothy H. Lacey, } "Scalable wavelet-based active network detection of stepping stones", Proc. SPIE 8408, Cyber Sensing 2012, 84080I (8 May 2012); doi: 10.1117/12.919571; https://doi.org/10.1117/12.919571

Back to Top